Become a Partner
Add OffSec to your list of training providers
Partner with us
OffSec Wins Seven Global InfoSec Awards during RSA Conference 2024
Read blogKali Linux
Kali Linux related news and updates from the OffSec Team
Introduction to Car Hacking: The CAN Bus
<p>The CAN bus (Controller Area Network bus) is a central network that a vehicle communicates with its components. We can think of this in regard to the fact that the vehicle has many functions that operate via electrical signals. The car has door locks, a speedometer, a gas gauge, controls for the brakes, controls for the gas pedal, and many, MANY more.</p>
Creating Kali i3-gaps
<p>i3 is a tiling window manager for Linux and BSD systems. In this blog post, Arszilla gives a walk through on how he created his custom Kali i3-gaps ISO.</p>
Customizing Kali Linux
<p>One of the designers on the Kali Linux team shares his top tips and tools to customize Kali Linux. Dig in under the hood with Daniel Ruiz de Alegría.</p>
Kali Linux 2.1.2 ARM Releases
<p style="text-align: justify;">The time has come for yet another Kali ARM image release with new and updated images. Our collection of supported ARM hardware grows constantly with new images from <strong>Raspberry Pi 3</strong>, <strong>Banana Pi</strong> and <strong>Odroid-C2</strong>, with the latter being our first real <strong>arm64</strong> image. We’re really excited about our new arm64 build environment and hope to see more 64bit ARM devices running Kali in the future. Feel free to visit our <a href="https://www.offsec.com/kali-linux-arm-images/" target="_blank" rel="noopener noreferrer">Kali Linux ARM downloads</a> page to get the latest goodness.</p>
Kali Rolling ISO of DOOM, Too.
<p style="text-align: justify;">A while back we introduced the idea of Kali Linux Customization by demonstrating the <a href="https://www.offsec.com/kali-linux/kali-linux-iso-of-doom/" target="_blank" rel="noopener noreferrer">Kali Linux ISO of Doom</a>. Our scenario covered the installation of a custom Kali configuration which contained select tools required for a remote vulnerability assessment. The customised Kali ISO would undergo an <strong>unattended autoinstall</strong> in a remote client site, and automatically <strong>connect back</strong> to our OpenVPN server over TCP port 443. The OpenVPN connection would then <strong>bridge the remote and local networks</strong>, allowing us full “layer 3” access to the internal network from our remote location. The resulting custom ISO could then be sent to the client who would just pop it into a virtual machine template, and the whole setup would happen automagically with no intervention – as depicted in the image below.</p>
Kali Linux Rolling Virtual & ARM Images
<p style="text-align: justify">With the recent release of <strong><a href="https://www.kali.org/news/kali-linux-rolling-edition-2016-1/" target="_blank" rel="noopener noreferrer">Kali Rolling 2016.1</a></strong> completed, we’ve gone ahead and updated our custom Kali VMware, VirtualBox, and ARM images. Here’s a few news items and updates that we have regarding these images for those who prefer to get them pre-built.</p>
Kali Linux 2.0 Top 10 Post Install Tips
<p style="text-align: justify;">With Kali 2.0 now released, we wanted to share a few post install procedures we find ourselves repeating over and over, in the hopes that you will find them useful as well. We’ve also slapped in some answers to common questions we’ve been getting. <strong>Here is our top 10 list</strong>:</p>
Kali 2.0 Dojo Black Hat / DEF CON USA 2015
<p style="text-align: justify;">Last years event was a rousing success, with many attendees staying all day long and working through the multiple exercises. We had such a great time, we wanted to do it again. This is a great chance to get hands on with <strong>Kali 2.0</strong>, learning the cutting edge features and how to best put them to use. In this two session workshop series, we will be covering how to create your own custom Kali ISO that is tweaked and modified to exactly fit your needs. This will be followed up in the second session with a hands-on exercise of deploying Kali on USB sticks so that it contains several persistent storage profiles, both regular and encrypted – including the<strong> LUKS nuke</strong> feature.</p>
Booting Kali Linux Live Over HTTP
<p>Kali Linux Features</p> <p style="text-align: justify;">Here at Offensive Security, we tend to use Kali Linux in unconventional ways – often making use of some really <a class="external external_icon" title="Kali Linux Features" href="https://www.kali.org/kali-linux-features/" target="_blank" rel="noopener noreferrer">amazing features</a> that Kali Linux has to offer. One of these interesting use-cases includes booting instances of Kali Linux Live over HTTP, directly to RAM. We realized there’s little documentation around this feature and thought we’d shed some light on it so others may enjoy this feature as well.</p> <p>Booting Kali Over HTTP – Overview</p> <p style="text-align: justify;">The basic premise involves using the Kali Live kernel and initrd for booting, while calling the Kali root filesystem through an HTTP URI. The initial boot process can take place over the network (via PXE) or a minimal Kali Linux USB/CD – while the remote root filesystem is a squashfs image served over HTTP via an Apache server.</p> <p><a class="excerpt-read-more" href="https://www.offsec.com/kali-linux/booting-kali-linux-live-http/" title="ReadBooting Kali Linux Live Over HTTP">… Read more »</a></p>
Kali Linux on a Raspberry Pi (A/B+/2) with Disk Encryption
<p style="text-align: justify;">With the advent of smaller, faster ARM hardware such as the new <strong>Raspberry Pi 2</strong> (which now has a <a title="Kali Linux Downloads" href="https://www.offsec.com/kali-linux-vm-vmware-virtualbox-image-download/" target="_blank" rel="noopener noreferrer">Kali image built</a> for it), we’ve been seeing more and more use of these small devices as “<strong>throw-away hackboxes</strong>“. While this might be a new and novel technology, <strong>there’s one major drawback</strong> to this concept – and that is the <strong>confidentiality of the data</strong> stored on the device itself. Most of the setups we’ve seen do little to protect the sensitive information saved on the SD cards of these little computers.</p>
Kali USB – Multiple Persistent Stores
<p style="text-align: justify;">One of the markings of the 1.0.7 Kali release was the introduction of <a href="https://www.offsec.com/kali-linux/kali-encrypted-usb-persistence/" title="Kali Encrypted USB Persistence" target="_blank">Kali Live USB LUKS encrypted persistent storage</a>, on which we further elaborated in one of our previous blog posts. However, we’re not done yet with USB persistent storage as more features in Kali remain to be explored.</p>
Bypassing Windows and OSX Logins with NetHunter & Kon-boot
<p style="text-align: justify;">The Kali Linux <a href="https://www.offsec.com/kali-linux-nethunter-download/" title="Kali Linux NetHunter Download">NetHunter</a> platform has many hidden features which we still haven’t brought to light. One of them is the <a href="https://play.google.com/store/apps/details?id=com.softwarebakery.drivedroid&hl=en" title="DriveDroid" target="_blank" rel="noopener noreferrer">DriveDroid</a> application and patch set, which have been implemented in NetHunter since v1.0.2. This tool allows us to have NetHunter emulate a bootable ISO or USB, using images of our choosing. That’s right, you can use NetHunter as a boot device which holds a library of bootable ISOs and images…And so we begin:</p>